3 matches found
CVE-2022-2567
The Form Builder CP WordPress plugin before 1.2.32 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2022-2567
The CVE-2022-2567 entry applies to the WordPress plugin Form Builder CP, prior to version 1.2.32. The vulnerability arises from insufficient sanitisation/escaping of certain form settings, enabling Stored Cross-Site Scripting (XSS) by high-privilege users (e.g., admins). The risk exists even when...
CVE-2022-2567 Form Builder CP < 1.2.32 - Admin+ Stored Cross-Site Scripting
The Form Builder CP WordPress plugin before 1.2.32 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...